Palo Alto GlobalProtect Gateway Selection Priority Process Algorithm

This is something you need to understand when setting this up. This algorithm uses the priority and response time to determine which gateway to connect to.

The LOWER priority gateway will be chosen if the HIGHEST priority gateway’s response time is GREATER than the average response time.

#EXAMPLE 1:

Gateway 1:
Priority = Highest
80 ms

Gateway 2:
Priority = Low
25 ms

Average Response Time = 52.5 ms

Based on the average response time being 52.5 ms and GW1’s response time is OVER this at 80 ms, GW2 will be chosen.

#EXAMPLE 2:

Gateway 1:
Priority = Highest
30 ms

Gateway 2:
Priority = High
25 ms

Gateway 2:
Priority = Medium
50 ms

Average Response Time = 35 ms

Since both GW1 and GW2 are BELOW the average response time, it will come down to the PRIORITY to determine which is chosen. In this case it’s GW1 since it’s the highest.

So you can see the average response time is always used. The PRIORITY is only used when there is more than one GW that’s under the average response time.

More Stories
Palo Alto – What Settings Don’t Sync in Active/Active HA?